The e2fsprogs packages contain a number of utilities for creating, checking, modifying, and correcting any inconsistencies in second and third extended (ext2/ext3) file systems.

Multiple integer overflow flaws were found in the way e2fsprogs processes file system content. If a victim opens a carefully crafted file system with a program using e2fsprogs, it may be possible to execute arbitrary code with the permissions of the victim. It may be possible to leverage this flaw in a virtualized environment to gain access to other virtualized hosts. (CVE-2007-5497)

Red Hat would like to thank Rafal Wojtczuk of McAfee Avert Research for responsibly disclosing these issues.

Users of e2fsprogs are advised to upgrade to these updated packages, which contain a backported patch to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188